스프링 게시판

스프링 시큐리티 로그인 비밀번호 암호화

뇽꾸리 2020. 6. 20. 14:55
반응형
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<!-- security 설정 -->
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>5.3.2.RELEASE</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>5.3.2.RELEASE</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>5.3.2.RELEASE</version>
    </dependency>
 cs

pom.xml 에  security - web,core,config를 추가해줍니다. 

전 가장 최신거 바로 밑에거로 했어요 오늘 기준(2020/06/20)

 

 

 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
@Controller
public class UserLoginController {
 
    @Autowired
    UserService userService;
    
    @Autowired
    BCryptPasswordEncoder encoder;
    
    @RequestMapping("/page")
    public String loginpage(HttpServletRequest request , HttpSession session, Model model) {
 
        return "login/login";
    }
    
    @PostMapping("/login")
    @ResponseBody
    public Map<String,Object> login(HttpServletRequest request, HttpSession session)throws Exception{
        String result = "F";
        
        UserVO userInfo  = null;
        try {
            // 아이디값을 넣어서 유저 정보를 가져옵니다.
            Map<String,Object> map = new HashedMap<String, Object>();
            map.put("user_id",request.getParameter("user_id"));
            userInfo = userService.checkUser(map);
 
            // 그 유저가 있으면
            if(userInfo !=null) {
 
            // 그 유저의 비밀번호와 넘어온 비밀번호를 비교해줍니다. encoder.matches 사용!
                if(!encoder.matches(request.getParameter("user_pw"), userInfo.getUser_pw())) {
                    result="N";
                    throw new Exception("비밀번호가 틀렸다.");
                }else {
                    result="S";
                }
            }else {
                result="N";
                throw new Exception("아이디가 틀렸다.");
            }
        }catch(Exception e) {
            System.out.println(" 로그인 에러  : " +e);
        }
        Map<String,Object> resultJson = new HashedMap<String, Object>();
        resultJson.put("result", result);
    
        return resultJson;
    }
}
 cs

 

반응형